2006-03-07
There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have in making these issues public?

Matthew Murphy
It's not often that I read writing that hits a nail so squarely on the head.
Vendors need to start taking some responsibility for ridiculous disclosure timelines. Two come to mind as the chief offenders in this respect: Microsoft and Oracle.
I've created a page on m...